-
Notifications
You must be signed in to change notification settings - Fork 197
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rotate osdCcsAdmin credentails on creation of each cluster #118
Rotate osdCcsAdmin credentails on creation of each cluster #118
Conversation
198dc5c
to
e94a826
Compare
/hold |
9f72f8c
to
853eac7
Compare
I'm wondering what happens during |
853eac7
to
7a6910a
Compare
@jharrington22: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
7a6910a
to
6a0fa06
Compare
/label tide/merge-method-squash |
2b1cd81
to
420d605
Compare
420d605
to
500bb51
Compare
500bb51
to
203346a
Compare
5aeaf2b
to
2859320
Compare
Apart from my comment about |
ca9471f
to
06a08c1
Compare
/hold cancel @vkareh comments addressed, thanks! |
06a08c1
to
3e8ba26
Compare
/lgtm Thanks @jharrington22! :) |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jharrington22, vkareh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
- refactor(init): verify permissions for osdccsadmin using ValidateSCP - machinepools: Support full CRUD operations for machine pools - Added validation for name - Added Details Page Link - machinepool: Allow managing 'default' machinepool - Rotate osdCcsAdmin credentails on creation of each cluster (openshift#118)
Rotate IAM access keys for the IAM user osdCcsAdmin user each time we use the client to create a cluster. There is no need to permanently store these credentials since they are only used on create, the cluster uses a completely different set of IAM credentials provisioned by this user.